Introduction
HOA Cloud ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our association management platform at hoacloud.app.
By using HOA Cloud, you agree to the collection and use of information in accordance with this policy. If you are a subscriber, your use of the platform is also governed by the Master Subscription Agreement.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, phone number, mailing address
- Property Information: Property address, unit number, ownership details
- Payment Information: Credit card details and bank account information (processed by Stripe)
- Communication Data: Messages, support tickets, maintenance requests, work order communications
- Documents: Association documents, compliance certificates, vendor licenses, photos, invoices
- Profile Information: Role within your association (owner, tenant, board member, property manager), preferences
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent, clicks, navigation patterns
- Device Information: IP address, browser type, operating system, device identifiers
- Cookies and Tracking: We use cookies, pixels, and similar technologies (see Section 7 below)
- Location Data: Approximate location from IP address; precise location if you enable geolocation for check-in features
- Analytics Data: Collected via Google Analytics and Google Tag Manager, including conversion tracking
1.3 Information from Third Parties
- Stripe: Payment processing status, payment method details, bank account verification via Financial Connections
- Google Workspace: Calendar events, meeting participants, video recordings (with consent)
2. How We Use Your Information
We use collected information for the following purposes:
2.1 Platform Operations
- Provide and maintain association management services
- Process dues payments and fees
- Manage maintenance requests and work orders
- Facilitate vendor management and compliance tracking
- Schedule meetings and manage communications
- Generate reports and analytics for association boards
2.2 Payment Processing
- Process recurring dues via Stripe (credit card and ACH)
- Verify bank account ownership via Stripe Financial Connections
- Detect and prevent payment fraud
- Issue refunds and process credits
- Maintain transaction history for accounting purposes
2.3 Communications
- Send transactional and notification emails via SendGrid and Resend (payment confirmations, work order updates)
- Send SMS notifications via Twilio (with your consent)
- Respond to support requests and inquiries
2.4 AI-Powered Features
- Analyze uploaded documents using OpenAI Vision API (vendor certificates, invoices)
- Classify documents using Anthropic Claude AI
- Extract structured data from PDFs and images
- Generate meeting summaries and power website builder features using Google Gemini AI
- Note: AI processing may involve sending document content to third-party AI providers. We minimize the transmission of personally identifiable information and only include it when necessary for the feature.
2.5 Analytics and Improvement
- Analyze platform usage via Google Analytics and Google Tag Manager
- Track advertising conversions via Google Ads
- Improve user experience and fix bugs
- Develop new features based on user behavior
- Monitor platform performance and security
2.6 Legal Compliance
- Comply with Florida association laws (Chapters 718 and 720, Florida Statutes)
- Maintain financial records (7 years per IRS requirements)
- Respond to legal requests and investigations
- Enforce the Master Subscription Agreement
3. How We Share Your Information
We do NOT sell your personal information. We share information only in the following circumstances:
3.1 Service Providers
We share data with the following service providers to operate the platform:
- Vercel: Hosting and infrastructure
- Supabase: Database and authentication
- Stripe: Payment processing, bank account verification, and fraud detection (PCI DSS compliant)
- SendGrid: Email delivery
- Resend: Email delivery
- Twilio: SMS notifications
- OpenAI: AI document analysis
- Anthropic: AI document classification
- Google: Workspace integration (meetings, calendar), analytics, and AI features (Gemini)
3.2 Within Your Association
- Board members can view resident contact information and payment status
- Property managers can access all data for properties they manage
- Office staff can view information for their management company's properties
- Vendors can see work order details and property contact information
- Data access is controlled by role-based permissions and property assignments.
3.3 Legal Requirements
We may disclose information if required by law, including:
- Compliance with court orders, subpoenas, or legal process
- Reporting to law enforcement when legally required
- Protection of our rights, property, or safety
- Prevention of fraud or illegal activity
3.4 Business Transfers
If HOA Cloud is acquired, merged, or sold, your information may be transferred to the new owner. We will notify you before your information becomes subject to a different privacy policy.
4. Data Security
We implement industry-standard security measures:
4.1 Encryption
- Data in Transit: TLS 1.3 encryption for all connections (HTTPS enforced)
- Data at Rest: AES-256 encryption for all stored data (database, files, backups)
- Sensitive Data: Additional AES-256-GCM encryption layer for payment and authentication secrets
- Passwords: Bcrypt hashing (not reversible)
4.2 Access Controls
- Role-based access control (RBAC) limits data visibility
- Two-factor authentication (TOTP) available for all users
- Database Row Level Security (RLS) policies enforce data isolation between associations
4.3 Monitoring
- Security monitoring and alerting via infrastructure providers
- Automated vulnerability scanning
- Audit logging of key data access and changes
In the event of a data breach involving your personal information, we will notify affected individuals in accordance with Florida Statutes §501.171 and any other applicable breach notification laws.
Note: While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security but are committed to protecting your data.
5. Data Retention
We retain your information for different periods based on type and legal requirements:
| Data Type | Retention Period | Reason |
|---|
| Governing documents | Permanent | Florida Statutes §718.111(12) |
| Financial records | 7 years | IRS/GAAP requirements |
| SIRS / structural inspections | 15 years | HB 913 §718.111(12)(a)(15) |
| Communication records | 7 years | Official records requirement |
| User accounts | While active + 90 days | Grace period for reactivation |
| Vendor records | 7 years after last transaction | Tax compliance |
| Contracts | 7 years after expiration | Statute of limitations |
| Video recordings | 1 year | §718.111(12)(g) |
| Bids and proposals | 1 year | §718.111(12)(a) |
| System logs | 1 year (security logs: 3 years) | Security monitoring |
| Backups | 90 days rolling | Disaster recovery |
6. Your Privacy Rights
6.1 All Users
- Access: Request a copy of all data we hold about you
- Correction: Update inaccurate or incomplete information
- Deletion: Request deletion of your personal data (exceptions apply for legal requirements)
- Portability: Receive your data in a portable format (JSON/CSV)
- Opt-Out: Unsubscribe from marketing emails and SMS
6.2 California Residents (CCPA)
In addition to the above, California residents have the right to:
- Know what personal information is collected, used, shared, or sold
- Delete personal information (with legal exceptions)
- Opt-out of sale of personal information (Note: We do not sell personal information)
- Non-discrimination for exercising privacy rights
6.3 How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: info@hoacloud.app
- Mail: HOA Cloud, 627 Cape Coral Parkway West Suite 202, Cape Coral, FL 33914
- Phone: (866) 568-1881
We will respond to verified requests within 30 days. We may request additional information to verify your identity before fulfilling requests.
7. Cookies and Tracking Technologies
Cookies are small text files stored on your device when you visit our platform. We use cookies, local storage, pixels, and similar technologies to operate the platform, remember your preferences, and understand usage patterns.
7.1 Essential Cookies (Required)
These cookies are necessary for the platform to function. You cannot disable them.
| Cookie | Purpose | Duration |
|---|
| sb-access-token | Authentication session | Session |
| sb-refresh-token | Refresh authentication session | 7 days |
| csrf_token | Cross-site request forgery protection | Session |
7.2 Functional Cookies (Optional)
These cookies remember your preferences and settings.
| Cookie | Purpose | Duration |
|---|
| selected_property | Remember selected property | 30 days |
| theme_preference | Light/dark mode preference | 1 year |
| sidebar_collapsed | Sidebar expand/collapse state | 30 days |
7.3 Analytics Cookies (Optional)
These cookies help us understand how visitors use the platform.
| Cookie | Provider | Purpose | Duration |
|---|
| _ga | Google Analytics | Distinguish unique users | 2 years |
| _ga_* | Google Analytics | Store and count page views | 2 years |
| _gid | Google Analytics | Short-term user distinction | 24 hours |
7.4 Cookies We Do NOT Use
- Advertising Cookies: We do not serve third-party ads
- Social Media Tracking: We do not embed social media trackers
- Cross-Site Tracking: We do not track you across other websites
7.5 Other Tracking Technologies
- Local Storage: Used to cache data, store draft content (maintenance requests, messages), and remember non-sensitive preferences
- Email Pixels: We track email open rates for transactional emails to improve communication effectiveness
- Server Logs: IP address, browser type, pages visited, and referring website are logged for security monitoring (retained 90 days)
7.6 Managing Your Preferences
You can control cookies through:
- Cookie consent banner: Displayed on first visit; change preferences anytime via the footer link
- Browser settings: Most browsers allow you to block or delete cookies
- Google Analytics opt-out: Install the Google Analytics Opt-out Browser Add-on
Note: Blocking essential cookies may prevent you from logging in and using core platform features.
8. Third-Party Links and Services
Our platform may contain links to third-party websites (e.g., vendor websites, payment processors). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any information.
9. Children's Privacy
HOA Cloud is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately at info@hoacloud.app.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on this page with a new "Last Updated" date
- Sending an email notification to registered users
- Displaying an in-app notification upon login
Your continued use of HOA Cloud after changes become effective constitutes acceptance of the updated policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
Privacy Contact Information
- Email: info@hoacloud.app
- Phone: (866) 568-1881
- Mail: HOA Cloud
Attn: Privacy Officer
627 Cape Coral Parkway West Suite 202
Cape Coral, FL 33914